Google has released its June security update for the Android platform, one of the largest patch bundles so far this year. The package addresses a total of 124 vulnerabilities, including one that is already being actively exploited. Users of Android-powered devices are strongly advised to verify their current patch status and apply the update as soon as it becomes available.
A critical flaw under active exploitation
The actively targeted vulnerability is tracked as CVE-2025-48595 and resides deep within the Android Framework, a core part of the operating system. It allows an attacker to escalate privileges on a device without requiring any user interaction. Google has confirmed indications of limited, targeted attacks exploiting this flaw, though the company has not disclosed who is behind the activity or how exactly the vulnerability is being abused. Devices running Android 14, 15, 16, and Android 16 QPR2 are affected.
Beyond this actively abused bug, Google is closing 123 additional security gaps in this cycle. The rollout is structured in two distinct patch levels. The June 1, 2026 security patch level covers core Android components, including 18 vulnerabilities rated as critical. The broader June 5, 2026 patch level adds fixes for the Linux kernel and for drivers from chipset makers such as Qualcomm and MediaTek. Device protection is guaranteed once a handset reaches either of these two patch dates.
Device-dependent rollout timelines
Whether and when the update arrives depends heavily on the manufacturer. Google’s own Pixel devices are generally the first to receive it, though the distribution is staggered. Recent Samsung Galaxy flagships typically follow within a few days. In contrast, a two-year-old mid-range handset may have to wait several weeks. This inconsistent pace helps explain why many users have not yet installed the patch even when it is technically ready for their device.
How to check and apply the patch
The security patch status can be found in the device settings. Navigate to Settings, then Security & Privacy, followed by System & Updates. The date displayed under “Security update” indicates the current patch level. If it shows either June 1, 2026, or June 5, 2026, the device is up to date. If an older date appears, users should look for available updates within that same menu and install any that are offered. Menu labels may vary slightly across manufacturers, but the general procedure remains the same.
Installing an update takes only a few minutes. Given that one vulnerability is already being actively exploited, that is time well spent.
Sources: source.android.com, cyberinsider.com